exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

JW Player Pro 5.10.2295 Spoofing / Cross Site Scripting

JW Player Pro 5.10.2295 Spoofing / Cross Site Scripting
Posted Aug 22, 2012
Authored by MustLive

JW Player Pro versions 5.10.2295 and below suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | acc75c88cc5eca754830915e33670feca1632c8795fc3987919f0946eecc4e29

JW Player Pro 5.10.2295 Spoofing / Cross Site Scripting

Change Mirror Download
Hello list!

I want to warn you about security vulnerabilities in JW Player Pro.

These are Content Spoofing and Cross-Site Scripting vulnerabilities.

In June I've wrote about vulnerabilities in JW Player
(http://securityvulns.ru/docs28176.html). And these are vulnerabilities in
licensed version of the player - JW Player Pro.

-------------------------
Affected products:
-------------------------

Vulnerable are JW Player Pro 5.10.2295 and previous versions (licensed
versions of JW Player).

The developers promised me to fix these vulnerabilities soon (in updated
version of 5.10 or in 5.11). All users of licensed version and web
developers, which distribute it with their software, are recommended to
upgrade to the latest version of the player.

----------
Details:
----------

Earlier I've wrote about vulnerabilities in JW Player and in the advisory
I've also mentioned two holes which concern only licensed version - Content
Spoofing and Cross-Site Scripting in logo feature. I had no swf-file of
licensed version and hadn't found it to check these holes, and after my ask
to developers to provided me with a link to any web site with it to verify
these vulnerabilities, they didn't do it (so I wrote supposed PoCs for these
holes). But in August I've found such licensed version of JW Player, checked
these holes and found that attacking code for XSS must be different, so I
created new attack code for XSS.

XSS (WASC-08):

Concerning one previous vulnerability. The swf-file has protection against
javascript: and vbscript: URIs, so data: URI must be used.

http://site/jwplayer.swf?file=1.flv&logo.file=1.jpg&logo.link=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B

And here are two new vulnerabilities.

Content Spoofing (WASC-12):

http://site/jwplayer.swf?abouttext=Player&aboutlink=http://site

XSS (WASC-08):

http://site/jwplayer.swf?abouttext=Player&aboutlink=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B

Names of the swf-file can be different: jwplayer.swf, player.swf or others.

------------
Timeline:
------------

2012.08.12 - found vulnerabilities at official web sites of one commercial
CMS with JW Player Pro.
2012.08.16 - informed developers of CMS about all previous holes in JW
Player (which they haven't fixed since end of May, when part of the holes
were fixed).
2012.08.17 - informed developers of CMS about new holes.
2012.08.18 - informed developers of JW Player.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close